null
Skip to end of banner
Go to start of banner

Authorization

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 8 Next »

Currently users require the permission to schedule the BPF program /PCH/BPF_RUNTIME_ACTIONS as job in case of temporary errors like object locks during status change. This will be changed in a future release. The authorization required is:

Authority object: S_BTCH_JOB

Field: JOBGROUP value: <empty>

Field JOBACTION value: ‘RELE’

Normal user do not need any special authorization to work with ProProcess. Authorizations might be checked on the level of certain task, which are completely independent of ProProcess.

Special authorizations are required for certain task at definition and at run time.

Authorization for special customizing/modelling tools

Besides the classic process modelling application several expert tools (see ProProcess Customizing Manual) exist which require the authority object /PCH/BPFCF. The authority object contains a predefined function and an activity. The values are described below.

Authority function

Activity

Description

CONSIST

06, 39

Consistency check of the whole process modelling data (39) including cleanup of invalid data (06)

TPCHEK

39

Consistency check between process data stored on the database and the data recorded in the corresponding transport task

WF

01, 02, 06

Workflow utilities to check, create, update, repair, activate and delete workflow patterns. Authorization is only needed for creating (01), changing and activation (02) and deleting (06) workflow patterns.

Authorization for process administrators

In some cases, it is needed that an administrator is changing something on ongoing processes (see ProProcess User Manual). There are several actions available, which are all protected using the authorization object /PCH/BPFAD and a function. The following predefined functions are available:

Authority function

Description

1000

Change status of a process (currently only aborting)

1001

Change description of a process

1100

Solve problems of erroneous processes

1101

Ignore problems of erroneous processes

1200

Restart erroneous processes

1900

Delete process (currently not supported)

2001

Adjust gateways

3001

Adjust threshold of parallel part processes

4000

Change status of an activity (currently only completing)

4001

Activate/deactivate activities

4002

Replicate activities

4500

Reset workitem reservation

5000

Change agents of an activity

6000

Change status of a task (currently only completing)

8000

Change deadlines

8001

Change priorities

8002

Change protocol (currently not supported)

9001

Chagen object list


Fiori Apps and SAP MyInbox integration

The access to the back-end services of ProProcess are protected by the SAP default authorization object for ODATA Services (S_SERVICE).

The following fields and values are being checked. For details please refer to the authorization object documentation.

In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.

Field

Value

Type

TADIR Service

PgId

R3TR

Object Type

IWSV

Object Name

My Inbox integration:

  • /PCH/BPF_INBOX_SRV 0001

  • /PCH/BPF_TASKS_SRV 0001

Dashboard and Process List:

  • /PCH/BPF_REPORTING_SRV 0001

In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.

Field

Value

Type

TADIR Service

PgId

R3TR

Object Type

IWSG

Object Name

<technical service name>_<service version 4 digits with leading zeros> (use available Value Help). The name depends on the prefix used during service activation.
My Inbox integration:

  • e.g. ZBPF_INBOX_SRV_0001

  • e.g. ZBPF_TASK_SRV_0001

Dashboard and Process List:

  • e.g. ZBPF_REPORTING_SRV_0001

Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:

Field

Value

Type of RFC object to which access is to be allowed

FUGR (Function group)

Name (Whitelist) of RFC object to which access is allowed

/IWBEP/FGR_MGW_CLIENT_IF

Activity

16 (Execute)

  • No labels

© ProNovia AG | Imprint | Data Protection